Privacy Roundup #0237 • April 2026
April brought a hacked FBI wiretap system, fresh fights over government location buying, and a wave of breaches and fines across Europe and the United States.
1. Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers
The FBI told Congress that intruders reached an unclassified system holding pen register and wiretap data. The bureau called it a major incident and pointed to a China-linked group.
2. France confirms data breach at government agency that manages citizens' IDs
France confirmed that hackers broke into ANTS, the agency that issues passports, ID cards and driving licences. A criminal offered millions of records, including names, dates of birth and contact details, for sale.
3. Mercor, a $10 billion AI startup, confirms it was the victim of a major cybersecurity breach
The AI data firm Mercor said attackers stole information after they poisoned the open-source LiteLLM library. Criminals claimed terabytes of source code and internal records, and some contractors later sued over their exposed data.
4. Hackers steal and leak sensitive LAPD police documents
A group broke into a file-sharing tool at the Los Angeles City Attorney's Office and took hundreds of thousands of files. The leak held witness names, medical details and unredacted complaints tied to police cases.
5. New Mexico's Meta Ruling and Encryption
Bruce Schneier warned that a New Mexico ruling against Meta treated end-to-end encryption as a liability. He argued the case could push platforms toward more monitoring and weaker protection for everyone.
6. FISA Section 702: Congress passes short-term surveillance program extension just before deadline
With the spying power about to lapse, Congress passed short patches to keep Section 702 alive. Lawmakers extended the authority without adding a warrant rule for searches of Americans' data.
7. Congress Must Reject New Insufficient 702 Reauthorization Bill
The Electronic Frontier Foundation urged Congress to reject a reauthorisation bill that lacked a real warrant requirement. It said the measure left the FBI free to search Americans' messages without a judge.
8. DHS is buying access to real-time location data, the latest expansion of its surveillance technology
The Department of Homeland Security signed a fresh contract with Penlink for a tool that tracks phones in real time. Civil liberties groups said the deal let agents follow people without a warrant.
9. Open Records Laws Reveal ALPRs' Sprawling Surveillance. Now States Want to Block What the Public Sees
Several states moved to exempt licence plate reader data from public records laws. The EFF warned that the change would hide how police use and share this mass surveillance.
10. How Push Notifications Can Betray Your Privacy (and What to Do About It)
The EFF explained how push notifications leak data to Apple, Google and, through them, to police. It set out practical steps people can take to limit what their phones reveal.
11. Apple rolls out iOS 26.4.2 to fix a flaw that allowed the FBI to access push notifications
Apple shipped an update after reports that deleted notifications stayed in a database police could read. The fix stops the phone from keeping notifications that the user has cleared.
12. Mexican Surveillance Company
Schneier flagged the spread of Grupo Seguritech, a Mexican surveillance firm now moving into the United States. He used the case to warn that each gain in monitoring power costs civil liberties.
13. Sen. Sanders Talks to Claude About AI and Privacy
Schneier highlighted a video of Senator Bernie Sanders questioning an AI assistant about privacy and big tech. Readers debated whether the model gave honest answers or simply told the senator what he wanted to hear.
14. Supreme Court finds for TikTok in dispute with Data Protection Commission
Ireland's Supreme Court backed TikTok in a procedural fight with the data regulator. A stay on the 530 million euro fine and the order to halt China transfers remains in place while the case continues.
15. Italy's data protection regulator fined Intesa Sanpaolo €31.8 million over insider data breach
Italy's Garante fined the bank Intesa Sanpaolo after one worker snooped on thousands of customer accounts. The regulator said weak controls let the abuse run for two years before anyone noticed.
16. Russia Hacked Routers to Steal Microsoft Office Tokens
Krebs reported a Russian campaign that compromised home and office routers to grab Microsoft sign-in tokens. The stolen tokens let attackers read email and files without a password.
17. Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab
German investigators named the alleged leader of the REvil and GandCrab ransomware crews. The gangs stole and leaked vast amounts of personal data during years of attacks.
18. 'Scattered Spider' Member 'Tylerb' Pleads Guilty
A member of the Scattered Spider crew pleaded guilty over a string of intrusions and extortion plots. The group used phone scams and SIM swaps to break into firms and steal sensitive records.
19. Committees Introduce Pair of Privacy Bills to Establish Comprehensive Data Protections for All Americans
House Republicans introduced the SECURE Data Act to set a single national privacy standard. The bill would give people rights to access and delete data and to opt out of targeted advertising.
20. Why America's biggest companies gave up the fight against Utah's app store law protecting kids
A trade group for Apple, Google, Meta and Amazon dropped its lawsuit against Utah's age verification law for app stores. The measure forces stores to check ages and seek parental consent before minors can download apps, and privacy groups warn that such checks push everyone towards handing over identity data.